Role-Based Policy Users and User Groups

Users and user groups determine who the role will be applied to.

Role-based policy management is disabled on hosts configured to use script-based policy. For more information, see Role-Based vs. Script-Based Policies.

User and User Group Types

There are three types of users and user groups:

  • Secure: A user or group not associated with any system. The name and credential are added to the policy.
  • System: The users and groups are retrieved from the selected host. System roles are only available with Endpoint Privilege Management for Unix and Linux versions 9.4.4 or later.
  • Directory Service: The users and groups are retrieved from Directory Service. Create a connection to Directory Service on the Settings > Integration page.

If a wildcard character (*) is in the username, the user is treated as a group.
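
To see how far a wildcard entry reaches before saving it, the following added example (not BeyondTrust code) expands each entry against a constructed passwd-format account list and flags wildcards that cover UID 0 accounts or most of the host. It assumes `*` matches like a shell glob; the entry list, account data, and function names are hypothetical.

```python
import fnmatch

# Constructed sample data: entries as they might be typed into the Username
# field, and passwd-format lines from the host being reviewed.
WHO_ENTRIES = ["alice", "svc_*", "*adm", "*"]
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
svc_backup:x:990:990::/var/lib/backup:/usr/sbin/nologin
svc_deploy:x:991:991::/srv/deploy:/bin/bash
dbadm:x:1001:1001::/home/dbadm:/bin/bash
toor:x:0:0:alt root:/root:/bin/sh
"""

def parse_passwd(text):
    """Return {name: uid} from passwd-format text, skipping malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts

def review_entry(entry, accounts, broad_ratio=0.5):
    """Classify one entry and list the accounts on this host it would cover."""
    is_group = "*" in entry  # rule from the page: wildcard => treated as a group
    if is_group:
        # Assumption: shell-glob semantics; confirm against the product.
        matched = sorted(n for n in accounts if fnmatch.fnmatchcase(n, entry))
    else:
        matched = [entry] if entry in accounts else []
    findings = []
    if is_group and any(accounts[n] == 0 for n in matched):
        findings.append("wildcard covers a UID 0 account")
    if is_group and accounts and len(matched) / len(accounts) > broad_ratio:
        findings.append("wildcard covers more than half of all accounts")
    return {"entry": entry, "kind": "group" if is_group else "user",
            "matched": matched, "findings": findings}

def review(entries=WHO_ENTRIES, passwd_text=PASSWD):
    """Review every entry against the parsed account list."""
    accounts = parse_passwd(passwd_text)
    return [review_entry(e, accounts) for e in entries]

if __name__ == "__main__":
    for r in review():
        print(f"{r['entry']:8} {r['kind']:5} {r['matched']} {r['findings']}")
```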

Add a Secure User

  1. Go to the Policy Management page.
  2. In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
  3. Click Policy.
  4. Click Who.
  5. Click Add User / Group and select Secure User.
  6. Enter Username, Description, and choose to enable or disable the entry.
  7. Click Save Changes.

Add a Secure Group

  1. Go to the Policy Management page.
  2. In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
  3. Click Policy.
  4. Click Who.
  5. Click Add User / Group and select Secure Group.
  6. Enter Group name, Description, and choose to make the group active or inactive.
  7. In the Group members section, enter existing secure users in the Username field to add them to the group.
  8. Click Save Changes.

Delete a Secure User or Group

  1. Go to the Policy Management page.
  2. In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
  3. Click Policy.
  4. Click Who.
  5. Select a secure user or group entry from the Users list.
  6. On the Users and Groups pane, click Delete User or Delete Group to delete the entry.

Add a System User or Group

  1. Go to the Policy Management page.
  2. In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
  3. Click Policy.
  4. Click Who.
  5. Click Add User / Group and select System User or System Group. A list of available entries is displayed on the Users and Groups pane.
  6. On the Users and Groups pane, check the box to import users or user groups. The imported users or user groups are displayed in the Users list.

Remove a System User or Group

  1. Go to the Policy Management page.
  2. In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
  3. Click Policy.
  4. Click Who.
  5. Select a system user or group entry from the Users list.
  6. On the Users and Groups pane, click Remove User or Remove User Group to remove the entry.

Add a Directory Service User or Group

  1. Go to the Policy Management page.
  2. In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
  3. Click Policy.
  4. Click Who.
  5. Click Add User / Group and select Directory Service Users and Groups.
  6. On the Users and Groups pane, set the Search Type to Find Users or Find Groups.
  7. Enter the Forest and Domain.
  8. Click Browse to filter by organizational unit (OU) and enter criteria in the Search for field.
  9. Click Search Directory Service.
  10. Check the box to import Directory Service users or user groups. The imported users or user groups are displayed in the Users list.

Remove a Directory Service User or Group

  1. Go to the Policy Management page.
  2. In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select Server Details.
  3. Click Policy.
  4. Click Who.
  5. Select a Directory Service user or group entry from the Users list.
  6. On the Users and Groups pane, click Remove User or Remove Group to remove the entry.